daddy/internal/graph/helper.go
William Petit 3ef495445a Mise en place d'un système de vérification des autorisations côté
serveur

- Création d'un service d'autorisation dynamique basé sur des "voter" (à
  la Symfony)
- Mise en place des autorisations sur les principales queries/mutations
  de l'API GraphQL
2020-09-04 10:10:32 +02:00


package graph
import (
"context"
"forge.cadoles.com/Cadoles/daddy/internal/voter"
"forge.cadoles.com/Cadoles/daddy/internal/model"
"forge.cadoles.com/Cadoles/daddy/internal/orm"
"forge.cadoles.com/Cadoles/daddy/internal/session"
"github.com/jinzhu/gorm"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/middleware/container"
)
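// getDB resolves the gorm database handle for the current request: it looks
// up the service container carried by ctx, then the ORM service registered in
// that container, and returns the ORM's *gorm.DB.
//
// Either lookup failing yields a nil handle and the error with a stack trace
// attached (errors.WithStack).
func getDB(ctx context.Context) (*gorm.DB, error) {
	ctn, err := container.From(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	// Named ormSrv rather than orm so the local does not shadow the orm
	// package for the rest of the function.
	ormSrv, err := orm.From(ctn)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return ormSrv.DB(), nil
}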
// getSessionUser loads the user whose e-mail is held by the current session
// and returns it together with the database handle it was loaded through, so
// callers can reuse that handle without resolving it again.
//
// On any failure (no database, no session e-mail, user lookup error) both
// pointers are nil and the error carries a stack trace.
func getSessionUser(ctx context.Context) (*model.User, *gorm.DB, error) {
	var (
		db    *gorm.DB
		email string
		err   error
	)

	if db, err = getDB(ctx); err != nil {
		return nil, nil, errors.WithStack(err)
	}

	// The caller's identity is taken from the session helper, not from any
	// argument of this function.
	if email, err = session.UserEmail(ctx); err != nil {
		return nil, nil, errors.WithStack(err)
	}

	user, err := model.NewUserRepository(db).FindUserByEmail(ctx, email)
	if err != nil {
		return nil, nil, errors.WithStack(err)
	}

	return user, db, nil
}
// isAuthorized reports whether the current session user may perform action on
// obj, by asking the voter service registered in the request's container.
//
// Only an explicit voter.Allow decision yields true; every other decision is
// reported as not authorized. Errors from resolving the user, the container,
// the voter service, or from the vote itself are returned with a stack trace
// attached together with a false result.
func isAuthorized(ctx context.Context, obj interface{}, action interface{}) (bool, error) {
	// The database handle returned alongside the user is not needed here.
	user, _, err := getSessionUser(ctx)
	if err != nil {
		return false, errors.WithStack(err)
	}

	ctn, err := container.From(ctx)
	if err != nil {
		return false, errors.WithStack(err)
	}

	voters, err := voter.From(ctn)
	if err != nil {
		return false, errors.WithStack(err)
	}

	decision, err := voters.Authorized(ctx, user, obj, action)
	if err != nil {
		return false, errors.WithStack(err)
	}

	// Fail closed: anything other than an explicit Allow is a deny.
	return decision == voter.Allow, nil
}